Thursday, November 19, 2009

The NHIN and the Health Internet: A Matter of Control, Cost and Timing

By DAVID C. KIBBE and BRIAN KLEPPER

David Kibbe

There is growing tension within the Obama administration's health team over who will control health data exchange: everyone (including consumers and their doctors), or just large provider organizations. The public debate will be framed in terms of privacy, security, and the adequacy of current exchange standards. But what really matters is who gets to make decisions about where health data resides, how it can be accessed, how much exchange will cost, and how long it will take for exchange to become routine.

Now is a good time to re-visit the plans for a National Health Information Network (NHIN), since we can finally observe and compare different health data sharing and exchange models in the marketplace. NHINs represent an older model that tries to use regional health information organizations (RHIOs) to establish secure networks, privately owned and operated by large provider organizations, mostly hospitals and health systems. The idea was that, over time, each private regional network would develop a gateway to other networks, creating a "network of networks" that would allow Stanford to talk to Partners Health, or Kaiser to Mayo. This communications model was enterprise/provider-centric. Patients/consumers were relegated to depending upon each RHIO's policies for access to their health information. It was also a massively expensive and time consuming - think decades - way to build a health data network.

Suppose a RHIO is in your area. Your health data from hospitals, outpatient clinics, and other settings associated with Health System A, are collected and combined with health data stored in similar settings in Health System B. Possibly Health Systems C, D, and E have also collaborated with A and B in this RHIO. Most RHIOs have cost or will cost many millions of dollars to build and operate. They were greatly encouraged by the Office of the National Coordinator under the Bush Administration, and have received additional support and funding under the ARRA/HITECH provisions that establish Health Information Exchanges (HIEs). They generally create large database management systems housed in large data centers. They typically run on proprietary software, creating closed networks that may or may not permit access onto and off the Internet.

As an individual, you probably don't have direct access to the RHIO data; only doctors and nurses are authorized to access your information. In most RHIOs, if you request access to your health information you must make the request the same way you would to your physician's medical practice, and often you will receive the results on paper. Transfer of these medical records to another institution or to a new provider outside the RHIO is not possible in most cases, although some RHIOs and HIEs now permit patient accounts and viewing of selected data.

By contrast, the Health Internet is a more current model, centered on the patient/consumer. As the name implies, the Health Internet leverages the Web's physical network and its open protocols and standards for health data exchange controlled by patients (and/or patient agents, like doctors, through authorized web services). The idea is to develop mechanisms that allow health information to pass easily across institutional and business boundaries, to anywhere it's needed. The Health Internet builds on the same Internet infrastructure and conventions that under-gird the transactions of major industry sectors like banking, e-commerce, retail sales, home mortgage business, and media and entertainment. Because this infrastructure is largely already in place, although little-used by health care entities now, the Health Internet could grow and scale rapidly at very little cost.

You can already see how the Health Internet is developing. You go to a CVS MinuteClinic, or to a handful of doctors, hospitals, labs, or pharmacies that offer you a personal health record account that lets you transfer your data in machine-readable format at will. You also create a Google Health account (or Microsoft HealthVault, Keas, or any number of personal health record platform websites) which allows you to upload your machine-readable, structured health data to them.

Next, you give your Google Health account permission to transfer your summary health data: to a doctor in anticipation of a visit; to a family member who is helping look after you; to a service that offers decision-support based on your information to help you solve some of your health/wellness problems; or to a service that will organize your health data into folders categorized by date, or provider, or episode of illness. The important thing here is that you, the individual, are deciding when, why, and where your health information is going.

The Health Internet example we've described above is performing the foundational transactions required of a national health information exchange network, and is doing so today. There are many examples, and they are growing organically, without government support, without new and complex standards, and at very low cost.

Even so, the Health Internet's growth is constrained mainly by the limited data available to patients and consumers from their doctors and hospitals, who continue to resist the idea that individuals ought to control their own data. They are also inhibited by patients' reluctance to challenge their doctors and hospitals on this point.

These and other barriers also make the Health Internet an imperfect solution to the goals of secure and efficient interoperable health data transfer. For example, current coding and classification systems remain a complex stumbling block to any model of health data exchange. Various coding systems are in use. Some are proprietary and require pay-for-use, and others need to be extended and gain industry consensus to be truly useful.

But it is no coincidence that the British government is investigating using both Google Health and Microsoft HealthVault for personal health data exchange, moving away from its own National Health Service program, after the latter spent billions on a national information network that doesn't appear to work. The NHIN "network of networks" model in this country is beginning to flounder, too, and may never achieve its future potential as a national system. The reasons are partly political, economic, and technological. An NHIN system's triple burdens - smoothing over competitive markets, enormous cost, and proprietary complexity - created so that large systems like the VA and the DOD, Kaiser and Geisinger, can exchange data without having to reach the Internet, will likely sink this ship even before the British program runs aground.

The Health Internet, on the other hand, has the obvious advantage of not "re-inventing the wheel." As former Intel CEO Craig Barrett famously said, "We already have a network for health data, it's called the Internet." Proponents of the Health Internet argue that, while health data and privacy and security are very important, the data themselves are inherently no different from financial data or the kinds of personal information routinely -- and very securely -- transported over the Internet using fair market encryption and other security technologies to protect it from intrusion, capture, or breach. So why go backwards to create the equivalent of Prodigy or AOL in every state? It could take forever.

We want to give credit to David Blumenthal, the Obama health team members and the folks at HHS who are taking a hard look at how best to create a secure and efficient method for health data transfer in this country.

David C. Kibbe MD MBA and Brian Klepper PhD write together on health care market dynamics, technology, policy and innovation.

No comments:

Post a Comment